Intrusion Alert Analysis Based on PCA and the LVQ Neural Network

  • Jing-Xin Wang
  • Zhi-Ying Wang
  • Kui-Dai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4234)


We present a PCA-LVQ method and a balanced-training method for efficient intrusion alert clustering. For the network connection records in the rough 1999 DARPA intrusion dataset, we first obtain a purified and dimension-reduced dataset through Principal Component Analysis (PCA). We then use the Learning Vector Quantization (LVQ) neural network to perform intrusion alert clustering on the purified intrusion dataset. To the best of our knowledge, this is the first attempt to use the LVQ neural network and the PCA-LVQ model for intrusion alert clustering. The experimental results show that the PCA-LVQ model and the balanced-training method are effective: the time costs can be shortened by about three times, and the accuracy of detection can be elevated to a higher level. In particular, the clustering accuracy rate of the U2R and R2L alerts can be increased dramatically.


Keywords: Intrusion Detection; Intrusion Detection System; Attack Type; Learn Vector Quantization; Processor Cost
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jing-Xin Wang (1)
  • Zhi-Ying Wang (1)
  • Kui-Dai (1)
  1. Computer School, National University of Defense Technology, Changsha, China
